#Requires -RunAsAdministrator
# NOTE(review): #Requires appears to be enforced only when this text is run as a
# script file; when it is piped into iex as shown below, the explicit
# Administrators-group check further down is presumably the only guard - confirm.
# Install by running:
# iex (new-object net.webclient).downloadstring('https://gist.githubusercontent.com/hedlund/eb0460760d78faa95fd385bd31e47dd2/raw/2d5ecf501a62b60d023f7232f2731bdbdaacf5f1/setup-win.ps1')
# The one-liner executes whatever the URL returns inside an elevated session.
# The long hex segment looks like a pinned gist revision, which limits silent
# changes, but nothing verifies the content: save the file and read it before
# running it with administrator rights.
###############################################################################
# Configuration
# Root folder for manually installed tools (used by the weasel-pageant step).
$TOOLS_DIR = 'C:\tools'
# Release of weasel-pageant to fetch; it is interpolated into the download URL.
$WEASEL_PAGEANT_VERSION = '1.1'
###############################################################################
# Make sure user is admin
# The check looks for the well-known SID of the built-in Administrators group
# (S-1-5-32-544) among the groups of the identity running this process.
$CurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$AdminGroupMatches = @($CurrentUser.Groups | Where-Object { $_.Value -eq "S-1-5-32-544" })
$CurrentUserIsAdmin = $AdminGroupMatches.Count -gt 0
if (-not $CurrentUserIsAdmin) {
    # Stop before any system-wide change is attempted.
    Write-Warning "You need to run this script as elevated administrator. Aborting!"
    Exit 102
}
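###############################################################################
# Functions

# Reports whether the registry value $Name exists under the key $Path.
#   $Path - provider path of the key, e.g. "HKCU:\Software\Vendor\App"
#   $Name - name of the value to look for
# Returns $true when the key exists and holds the value, otherwise $false.
Function Test-RegistryValue([String]$Path, [String]$Name) {
    # -LiteralPath on both calls, so the existence check and the lookup always
    # refer to the same key (no wildcard expansion in one but not the other).
    if (Test-Path -LiteralPath $Path) {
        $Key = Get-Item -LiteralPath $Path
        # $null goes on the left: with a collection on the left, -ne filters the
        # collection instead of producing a boolean, so an empty multi-string
        # value would be reported as missing.
        if ($null -ne $Key.GetValue($Name, $null)) {
            return $true
        }
    }
    return $false
}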
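# Reads the registry value $Name from the key $Path.
#   $Path - provider path of the key
#   $Name - name of the value to read
# Returns the stored data, or $null when the key or the value does not exist.
Function Get-RegistryValue([String]$Path, [String]$Name) {
    # -LiteralPath keeps the existence check consistent with the Get-Item call.
    if (Test-Path -LiteralPath $Path) {
        $Key = Get-Item -LiteralPath $Path
        # Read once and reuse the result, so the value that was tested is the
        # value that is returned.
        $Data = $Key.GetValue($Name, $null)
        # $null on the left gives a real boolean even when $Data is a collection.
        if ($null -ne $Data) {
            return $Data
        }
    }
    return $null
}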
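# Creates the registry key $Path if it does not exist yet, together with any
# missing ancestor keys. Does nothing when the key is already there.
#   $Path - provider path of the key to create
Function Add-RegistryKey([string]$Path) {
    # The guard matters: -Force is only used here to create missing parents, and
    # running it against an existing key could replace that key and its values.
    if (!(Test-Path -LiteralPath $Path)) {
        # With -Force the registry provider creates every missing level, so the
        # function is no longer limited to two absent ancestors.
        New-Item -Path $Path -Force | Out-Null
    }
}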
# Ensures the value $Name under $Path holds the number $Value.
# Nothing is written when the stored data already equals $Value. An existing
# value is updated in place; a missing one is created as a DWORD, creating the
# key first when needed.
Function Set-RegistryDWord([String]$Path, [String]$Name, [int32]$Value) {
    $current = Get-RegistryValue -Path $Path -Name $Name
    $alreadySet = ($current -ne $null) -and ([int32]$current -eq $Value)
    if (-not $alreadySet) {
        if (-not (Test-RegistryValue $Path $Name)) {
            # Value is absent: make sure the key exists, then create it typed.
            Add-RegistryKey -Path $Path
            New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value | Out-Null
        } else {
            # Value exists with different data: overwrite it.
            Set-ItemProperty -Path $Path -Name $Name -Value $Value
        }
    }
}
# Ensures the value $Name under $Path holds the text $Value.
# Nothing is written when the stored data already equals $Value. An existing
# value is updated in place; a missing one is created as a String, creating the
# key first when needed.
Function Set-RegistryString([String]$Path, [String]$Name, [string]$Value){
    $current = Get-RegistryValue -Path $Path -Name $Name
    $alreadySet = ($current -ne $null) -and ([string]$current -eq $Value)
    if (-not $alreadySet) {
        if (-not (Test-RegistryValue $Path $Name)) {
            # Value is absent: make sure the key exists, then create it typed.
            Add-RegistryKey -Path $Path
            New-ItemProperty -Path $Path -Name $Name -PropertyType String -Value $Value | Out-Null
        } else {
            # Value exists with different data: overwrite it.
            Set-ItemProperty -Path $Path -Name $Name -Value $Value
        }
    }
}
# Stores $Value in the "Value" entry of the per-user DeviceAccess\Global key
# named after the device class $Guid (the braces are added here).
Function Set-DeviceAccess([string]$Guid, [string]$Value){
    $deviceKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{$Guid}"
    Set-RegistryString -Path $deviceKey -Name Value -Value $Value
}
###############################################################################
# Installation
# Set execution policy to be able to run remote scripts
# The change is stored for the current user and stays in place after this
# script ends; it is made only when the effective policy is "Restricted".
$EffectivePolicy = Get-ExecutionPolicy
if ($EffectivePolicy -eq "Restricted") {
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
}
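# NOTE(review): both installers below are downloaded and executed inside this
# elevated session with no integrity check, so the machine trusts whatever the
# two hosts return at that moment. Saving each script to disk, reviewing it (or
# comparing it with a known-good hash) and only then running it is the safer
# pattern.
# Ask for TLS 1.2 before the first download instead of only later in the
# script; -bor keeps any protocol versions that are already enabled.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
# Install Scoop (skipped when a "scoop" command is already available)
if (!(Get-Command "scoop" -ErrorAction SilentlyContinue)) {
    Invoke-Expression (New-Object Net.WebClient).DownloadString('https://get.scoop.sh')
}
# Install Choco (skipped when a "choco" command is already available)
if (!(Get-Command "choco" -ErrorAction SilentlyContinue)) {
    Invoke-Expression (New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')
}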
# NOTE(review): every package below is installed at whatever version the
# bucket or feed currently serves, from an elevated session; nothing here pins
# versions or checks what the package scripts do.
# We need to install git before adding buckets to Scoop...
scoop install openssh git
# ...then add the buckets
foreach ($bucket in "extras", "nerd-fonts") {
    scoop bucket add $bucket
}
# Install most things using Scoop...
# One entry per "scoop install" call; an entry with several names is passed to
# a single call as separate arguments.
$scoopInstalls = @(
    "autohotkey",
    "cmder",
    "docker",
    "firefox-developer",
    "godot",
    "gpg4win",
    "hyper",
    "mobaxterm",
    "now-cli",
    "postman",
    "slack",
    "sudo ln touch time",
    "vscode",
    "wox",
    "zeal"
)
foreach ($entry in $scoopInstalls) {
    $names = $entry -split " "
    scoop install @names
}
# ...and the rest using Choco
$chocoPackages = "1password", "boostnote", "caffeine", "dropbox", "googlechrome", "spotify"
foreach ($package in $chocoPackages) {
    choco install -y $package
}
# Make sure we have a tools directory
# NOTE(review): a folder created directly under C:\ usually inherits write
# access for ordinary users; since executables are placed here, check the ACL
# on this directory and tighten it if non-administrators can modify it.
New-Item -Path "$TOOLS_DIR" -ItemType directory -Force
# Check if we need to install weasel-pageant
$weasel_present = [System.IO.File]::Exists("$TOOLS_DIR\weasel-pageant\weasel-pageant")
if (-not $weasel_present) {
    # Download the release ZIP file...
    # NOTE(review): the archive is unpacked without comparing it to a published
    # checksum or signature; add that comparison before extraction if the
    # project provides one.
    $weasel_file = "$TOOLS_DIR\weasel-pageant.zip"
    $weasel_url = "https://github.com/vuori/weasel-pageant/releases/download/v$WEASEL_PAGEANT_VERSION/weasel-pageant-$WEASEL_PAGEANT_VERSION.zip"
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $weasel_client = New-Object Net.WebClient
    $weasel_client.DownloadFile($weasel_url, $weasel_file)
    # ...and unzip it and move it into place
    $shell_app = New-Object -ComObject Shell.Application
    $weasel_target = $shell_app.NameSpace($TOOLS_DIR)
    $weasel_target.CopyHere($shell_app.NameSpace($weasel_file).Items())
    # The archive unpacks into a versioned folder; give it a stable name and
    # stop here if that folder is not where it is expected.
    Rename-Item -Path "$TOOLS_DIR\weasel-pageant-$WEASEL_PAGEANT_VERSION" -NewName "weasel-pageant" -ErrorAction Stop
    # Cleanup
    Remove-Item -Path "$weasel_file"
}
###############################################################################
# Privacy / General
# Each entry is one per-user DWORD; the loop applies them in the order listed.
$generalPrivacySettings = @(
    # Disable Allow apps to use advertising ID to make ads more interesting to you...
    @{ Path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo"; Name = "Enabled"; Value = 0 },
    # Disable Allow websites to provide locally relevant content by accessing my language list
    @{ Path = "HKCU:\Control Panel\International\User Profile"; Name = "HttpAcceptLanguageOptOut"; Value = 1 },
    # Disable Allow Windows to track app launches to improve Start and search results
    @{ Path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"; Name = "Start_TrackProgs"; Value = 0 }
)
foreach ($setting in $generalPrivacySettings) {
    Set-RegistryDWord @setting
}
###############################################################################
# Privacy / Speech, inking & typing
# Turn off speech services and typing suggestions
# All four values are per-user DWORDs, applied in the order listed.
$inputPrivacySettings = @(
    @{ Path = "HKCU:\Software\Microsoft\InputPersonalization"; Name = "RestrictImplicitInkCollection"; Value = 1 },
    @{ Path = "HKCU:\SOFTWARE\Microsoft\InputPersonalization"; Name = "RestrictImplicitTextCollection"; Value = 1 },
    @{ Path = "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore"; Name = "HarvestContacts"; Value = 0 },
    @{ Path = "HKCU:\Software\Microsoft\Personalization\Settings"; Name = "AcceptedPrivacyPolicy"; Value = 0 }
)
foreach ($setting in $inputPrivacySettings) {
    Set-RegistryDWord @setting
}
###############################################################################
# Privacy / Diagnostic & feedback
# Two of these values live under HKLM and therefore need the elevated session.
$diagnosticSettings = @(
    # Set Diagnostic data to Basic
    @{ Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"; Name = "AllowTelemetry"; Value = 1 },
    # Disable Improve inking & typing recognition
    @{ Path = "HKCU:\Software\Microsoft\Input\TIPC"; Name = "Enabled"; Value = 0 },
    # Disable Tailored experiences
    @{ Path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Privacy"; Name = "TailoredExperiencesWithDiagnosticDataEnabled"; Value = 0 },
    # Disable Diagnostic data viewer
    @{ Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventTranscriptKey"; Name = "EnableEventTranscript"; Value = 0 }
)
foreach ($setting in $diagnosticSettings) {
    Set-RegistryDWord @setting
}
###############################################################################
# Edge
# NOTE(review): this AppContainer storage path belongs to the original
# (pre-Chromium) Edge; a Chromium-based Edge presumably does not read these
# values, so verify the settings in the browser that is actually installed.
[string]$EdgeKey = "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge"
# Kind selects the writer: "DWord" -> Set-RegistryDWord, "String" -> Set-RegistryString.
$edgeSettings = @(
    # Set dark theme
    @{ Kind = "DWord"; Path = "$EdgeKey\Main"; Name = "Theme"; Value = 1 },
    # Send Do Not Track requests
    @{ Kind = "DWord"; Path = "$EdgeKey\Main"; Name = "DoNotTrack"; Value = 1 },
    # Do not save passwords
    @{ Kind = "String"; Path = "$EdgeKey\Main"; Name = "FormSuggest Passwords"; Value = "no" },
    # Do not save cards
    @{ Kind = "String"; Path = "$EdgeKey\Main"; Name = "UsePaymentFormFill"; Value = "no" },
    # Do not bug me about default browser
    @{ Kind = "DWord"; Path = "$EdgeKey\Main"; Name = "DisallowDefaultBrowserPrompt"; Value = 1 },
    # Disable search suggestions
    @{ Kind = "DWord"; Path = "$EdgeKey\User\Default\SearchScopes"; Name = "ShowSearchSuggestionsGlobal"; Value = 0 },
    # Disable page prediction
    @{ Kind = "DWord"; Path = "$EdgeKey\FlipAhead"; Name = "FPEnabled"; Value = 0 },
    # Enable phishing filter
    @{ Kind = "DWord"; Path = "$EdgeKey\PhishingFilter"; Name = "EnabledV9"; Value = 1 }
)
foreach ($setting in $edgeSettings) {
    if ($setting.Kind -eq "String") {
        Set-RegistryString -Path $setting.Path -Name $setting.Name -Value $setting.Value
    } else {
        Set-RegistryDWord -Path $setting.Path -Name $setting.Name -Value $setting.Value
    }
}
###############################################################################
# Misc privacy settings
$machinePrivacySettings = @(
    # Disable Wifi Sense
    @{ Path = "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config"; Name = "AutoConnectAllowedOEM"; Value = 0 },
    @{ Path = "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features"; Name = "WiFiSenseCredShared"; Value = 0 },
    @{ Path = "HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features"; Name = "WiFiSenseOpen"; Value = 0 },
    # Disable Share updates
    @{ Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config"; Name = "DODownloadMode"; Value = 0 }
)
foreach ($setting in $machinePrivacySettings) {
    Set-RegistryDWord @setting
}
# Disable Telemetry service
# DiagTrack is stopped and disabled unconditionally.
Stop-Service -Name DiagTrack -Force
Set-Service -Name DiagTrack -StartupType Disabled
# dmwappushservice is only touched when exactly one service has that name.
$pushServices = @(Get-Service | Where-Object { $_.Name -eq "dmwappushservice" })
if ($pushServices.Count -eq 1) {
    Stop-Service -Name dmwappushservice -Force
    Set-Service -Name dmwappushservice -StartupType Disabled
}
# NOTE(review): as far as I know the policy value 0 is honoured only on some
# Windows editions and treated as a higher level elsewhere - confirm the
# effective telemetry level after the run.
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name AllowTelemetry -Value 0
###############################################################################
# Screen saver
# Set a 3 minute timeout and require password
# NOTE(review): these Desktop values are normally stored as strings; when one
# is missing, Set-RegistryDWord creates it as a DWORD instead. Since
# ScreenSaverIsSecure is what enforces the password prompt, verify after the
# run that the session really locks - TODO confirm the expected value type.
$desktopKey = "HKCU:\Control Panel\Desktop"
$screenSaverNumbers = @(
    @{ Name = "ScreenSaveActive"; Value = 1 },
    @{ Name = "ScreenSaverIsSecure"; Value = 1 },
    @{ Name = "ScreenSaveTimeOut"; Value = 180 }
)
foreach ($entry in $screenSaverNumbers) {
    Set-RegistryDWord -Path $desktopKey -Name $entry.Name -Value $entry.Value
}
Set-RegistryString -Path $desktopKey -Name "SCRNSAVE.EXE" -Value "C:\Windows\system32\scrnsave.scr"
# Set a 5 second grace period
# During the grace period the screen saver can be dismissed without the
# password; this is a machine-wide value under HKLM.
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "ScreenSaverGracePeriod" -Value 5
###############################################################################
# Uninstall some Windows Store crap
# Each pattern is looked up for the current user and every match is removed.
$unwantedPackages = @(
    "A278AB0D.*",
    "king.com.*",
    "Microsoft.MicrosoftSolitaireCollection*",
    "Microsoft.MicrosoftOfficeHub*",
    "828B5831.HiddenCity*"
)
foreach ($pattern in $unwantedPackages) {
    Get-AppxPackage $pattern | Remove-AppxPackage
}
# Prevent "Suggested Applications" from returning
# NOTE(review): as far as I know the policy key is spelled "CloudContent"
# without a space; with the spelling used here the policy may never take
# effect - verify against the Windows policy reference.
Set-RegistryDWord -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" -Name "DisableWindowsConsumerFeatures" -Value 1
###############################################################################
# Remove OneDrive
# Kill the OneDrive and Explorer processes
# Explorer stays down until the restart at the end of this section, so an
# error in between leaves the desktop without a shell until it is started again.
foreach ($image in "OneDrive.exe", "explorer.exe") {
    taskkill.exe /F /IM $image
}
# Run the OneDrive uninstall if it exists
# Only the SysWOW64 location is checked.
$oneDriveSetup = "$env:systemroot\SysWOW64\OneDriveSetup.exe"
if (Test-Path $oneDriveSetup) {
    & $oneDriveSetup /uninstall
}
# Cleanup some remaining folders and files
# Errors are suppressed on purpose: any of these may already be gone.
$oneDriveFolders = @(
    "$env:localappdata\Microsoft\OneDrive",
    "$env:programdata\Microsoft OneDrive",
    "C:\OneDriveTemp"
)
foreach ($folder in $oneDriveFolders) {
    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue $folder
}
Remove-Item -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"
# Remove from Explorer sidebar
# HKEY_CLASSES_ROOT is mapped as a temporary "HKCR:" drive for the two writes.
New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
$oneDriveClassKeys = @(
    "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}",
    "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
)
foreach ($classKey in $oneDriveClassKeys) {
    Set-RegistryDWord -Path $classKey -Name "System.IsPinnedToNameSpaceTree" -Value 0
}
Remove-PSDrive "HKCR"
# Restart Explorer and give it time to start
Start-Process "explorer.exe"
Start-Sleep -Seconds 15
###############################################################################
# Enable LXSS - Requires restart!
# Turns on the Windows Subsystem for Linux optional feature on the running
# system; the arguments are collected in a table and splatted onto the cmdlet.
$lxssFeature = @{
    Online      = $true
    FeatureName = "Microsoft-Windows-Subsystem-Linux"
}
Enable-WindowsOptionalFeature @lxssFeature